Couple of things, particularly with respect to nation-state attackers (which I’ll abbreviate as NSA, for reasons…) in mind.

For VPNs, they absolutely protect you (bugs notwithstanding) from your device, over insecure networks, to the endpoint of your VPN. From the VPN provider out, there’s nothing there. They’re completely effective at protecting against the threat they’re good for, but if NSA is your concern, the protection is limited.

Using a commercial VPN provider concentrates the value of breaking that provider. If NSA can get something in the provider’s network or get legal leverage over them, NSL, etc., they potentially break a lot of users all at once. Not everyone has the same scruples (and cojones…) Lavabit had.

If NSA can sniff the exit point of your provider (spoilers: they can…), they can do a lot with that traffic, even with multiple people coming through the same firehose. SSL helps (bugs notwithstanding…), but traffic analysis can do a lot to de-anonymize you and figure out which groups of encrypted traffic go together. Break one of the connections (or catch something that skipped SSL), and you (maybe) know who owns the rest in that group. Lots of ways to fingerprint encrypted packets to get some idea what goes with what. Tor suffers from a similar issue if packets that can identify you go through the same exit node as stuff you’re trying to hide.

Still, VPN is absolutely valuable for keeping Starbucks or that shady character in the corner with the Pringles can from reading your stuff. Also might be helpful if you’re on corporate wifi, assuming there’s no policy forbidding it that would get you in more trouble than the tunneled traffic. I use VPN for *everything*, but the endpoint is a server in my house. I don’t consider VPN effective for hiding my identity from NSA, but it does keep anything that happens to not be SSL protected from whatever crap network I’m on, so I don’t have to worry about open WiFi as much. Also protects against local DNS sniffing or tampering.

Related to public networks, might be worth mentioning that even with VPN, your device’s name is usually broadcast over WiFi and Bluetooth. “[Pendorbound’s real name]’s iPhone” is perhaps a poor choice.

For the iPhone passcode automatic wipe, there’s not a lot of risk of kids wiping your phone by guessing. After the first three, the time you have to wait before guessing again gets longer. I think it takes a full 24 hours to get through all 10 tries.

If you’re using TouchID on an iPhone and are concerned about LEO accessing it (i.e. traversing security or imminent arrest), reboot or crash the phone (hold power & home for 10 seconds). On boot, your passcode is required to unlock. More importantly, the Secure Enclave destroys key material that it otherwise caches that unlocks most of the secure non-OS data on the device, including contact lists, photos, etc. That key data is derived from your passcode (so make it a good one…).

With iPhone 6 & later, recovering that data without cooperation or some other way to “extract” the passcode ($5 wrench…) approaches impossible due to the maximum tries counter being physically located in the Secure Enclave. Older iOS devices had the counter stored in normal flash storage external to the CPU/Secure Enclave pair which is what enabled unlocking the San Bernardino iPhone.

I was thinking about your event data deletion policy after the CIR training & again during the ‘cast. As John said, you’ve got evidence destruction charges as a possibility, but let’s assume you have a staff that’s fanatically dedicated to members’ privacy, no matter the personal costs. =)

The concern I have is that deleting the data from the cloud provider is unlikely to do anything against NSA. The cloud provider has filesystem snapshots, backup rotations, etc. The data will stick around for at least days, probably months after deletion. It’s a warrant away… That approach gives some protection against non-NSA blackmail against a staff member and probably other attack vectors, so it definitely has merit. Just isn’t going to stop someone who can knock on your cloud provider’s door with paper and/or lead-based persuasion techniques…

Then of course there’s the whole credit card thing. If NSA wants to get a list of Ropecraft attendees, they hit your bank. Game over, and good chance you’d never even get notified.

You (or maybe John) mentioned looking like a terrorist, I think around the point of talking about the rubber hose crypto functionality in (True|Vera)Crypt. I.e. do shady things and even if they can’t get your data, you still look shady, which might be enough.

One suggestion I’ve read about maintaining separate encrypted partitions is to *not* make your outer partition look completely clean. First, if you’re not using the “clean” partition enough, that stands out. Last modification dates on files, etc. The other suggestion is that having something embarrassing but not illegal in the outer partition gives you something plausible to hide & may head off suspicion that there’s more data there. Once upon a time, the suggestion was gay furry clown porn or something, though with the Hair Furor and Sessions as AG, the clock may be running on the safety of that approach, legally speaking… In any case, outer partition not having *anything* to hide is itself suspicious. Why are you going through all this trouble to hide nothing??? Having something in the sacrificial partition actually be a sacrifice *may* have value.

For virtualization on Mac, VirtualBox & VMware are far better than Parallels (performance-wise). VMware is better enough for me to make my employer shell out the money for me, but VBox is good for the majority of stuff.

John didn’t mention Qubes, and I’d be curious what he thinks of it. I’m a Mac guy so don’t use it, but if you’re running on Wintel hardware and don’t mind a Linux wrapper, Qubes does with a series of virtual machines what John described doing with several browsers. Each “Qube” is tagged with a security level indicated on each window with a color-coded border. Do your banking in green windows, Pornhub in the red ones. Seems interesting, but until someone ports it to Xhyve (and I shell out for Macs with CPUs new enough to support Hypervisor.framework), not for me, alas…

I loved the Little Brother plug. One of my favorite books. It’s on the short list (along with Ethical Slut and Unspeakable Mutilations) that I tend to buy in batches & hand out and/or slap upside the head & shoulders to people who should read it…

A few other general suggestions you didn’t get into that I think have value:

1. Turn off Flash. It’s been the number one malware vector for ages now. You can use FlashBlock (Firefox) or Click2Flash (Safari and Chrome I *think*) to enable it on an opt-in basis for sites you trust. At the very least, keep it updated! Snowden’s various documents suggest NSA loves Flash zero-days, so if you’ve Come to the Attention of Those in Authority, even keeping it updated may not be enough.

2. Ad-block. I know this one is touchy considering some people in the scene likely rely on ads for revenue. Ad networks are notoriously bad at vetting the content they run. This seems to be a popular route for exploiting one of those Flash zero-days, as well as various media player vulnerabilities, JavaScript sandbox escapes, etc.

That’s all I’ve got. You talked about really good stuff. Thanks for taking the time to do this interview & edit it!